Yammer Embed open graph bad request - yammer

We have the below code for enabling intranet comments on some articles. For some users in some articles, we get bad request (error 400). The user has the needed license and can access the Yammer group where the comment is supposed to be posted to.
yam.connect.embedFeed({
container: ".news-social",
network: Constants.YammerNetwork,
feedType: "open-graph",
objectProperties: {
url: window.location.href,
title: newsArticleValues.Title,
image: yammerImage
},
config: {
promptText: "Comment on this article",
use_sso: true,
header: false,
defaultGroupId: Constants.DefaultYammerGroupId
}
});
We couldn't reproduce this on our test / staging tenant - only on prod tenant.
The title OG tag in the objectProperties object is with Cyrillic characters which as we expected are encoded in the URL of the Yammer iframe.
Has anyone else experienced such issue?

Related

OKTA logs a successful signin but returns to logon page with error?code=

Okta noob here and hoping the hive-mind could help.
while I have a successful log int to OKTA according to the logs, it returns to an error page with a url similar to the following
localhost:8080/error?code=Tp59q3-more of the hash-W1EP&state=z8JF0llhhMe-more of the hash-e6iLs1A5Z5
I'm using the sample code here: https://github.com/okta/samples-js-angular/tree/master/okta-hosted-login, which I had previously working. That is, up until the point I added my own custom code to the project.
the things that has me scratching my head is the Login challenge/response dialog for passwords appears as expected, the okta dashboard records a successful login. The redirect URL gives me a hash whereas the help documents don't indicate that is the case.
So not sure if I'm getting a head fake from the error? query string.
The response code I'm receiving is 200.
It doesn't make sense that a dev site would obscure error codes. so any guidance would be appreciated. Do I need to decode these hashes? Is this a redirect issue?
const { CLIENT_ID, ISSUER, OKTA_TESTING_DISABLEHTTPSCHECK } = process.env;
export default {
oidc: {
clientId: `${CLIENT_ID}`,
issuer: `${ISSUER}`,
redirectUri: window.location.origin + '/login/callback',
scopes: ['openid', 'profile', 'email'],
pkce: true,
testing: {
disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`
}
},
resourceServer: {
messagesUrl: 'http://localhost:8000/api/messages'
},
};

Files in Google Shared Drive not sending push notifications

I have been able to successfully create and receive webhook events for files in my personal drive, how ever when I try to set them up for a file in a shared drive I receive no events.
I get a status 200 when creating the webhook. So it seems that the webhook for file in the shared drive is being created properly. But after the initial 200 response no events follow no matter which changes to the file are made.
below is the request I have been using.
Perhaps this is a permissions issues but I can't find anything in Google's documentation on how to support push notifications in shared drives.
request({
method: 'POST',
uri:`https://www.googleapis.com/drive/v3/files/{fileId}`,
json: true,
body: {
id: '',
type: 'web_hook',
address: ``,
expiration: expiration_date,
},
headers: { Authorization: `Bearer` },
qs: {
includeItemsFromAllDrives: true,
supportsAllDrives: true,
supportsTeamDrives: true,
},
}),
```
Thanks

MailChimp Double Optin API not sending conf. email

I've created an express backend and I want to setup double optin. My code already works if I set the status to 'subscribed', but changing this to 'pending' does not result in the confirmation email being sent.
I have also updated a list for enabling double optin (and created a 2nd audience to test as well, same result).
I upgraded my mailchimp account from free to a paid option, and it's still not sending the confirmation email or adding the email at all in the audience (the code is responding with successful, though)?
Here's the pertinent part of the code:
const data = {
members: [
{
email_address: email,
status: 'pending'
}
]
}
const postData = JSON.stringify(data);
const options = {
url: 'https://us4.api.mailchimp.com/3.0/lists/mylistid',
method: 'POST',
headers: {
Authorization: 'auth mykey'
},
body: postData
}
Any thoughts?
Ugh, never mind. After what seemed to be 20+ minutes, I finally received the confirmation emails. The contact won't show up in MailChimp until a user confirms their email, so that's why it wasn't showing up in the MC UI.
Pretty disappointing it took that long for a confirmation email to be sent out. That will result in people forgetting to confirm -- hopefully that was just an exception and not the norm in the response time.

Smart Home sample, "Couldn't update settings please check your connection"

My goal is to get the "Turn on the light" message when I say that to my Google Home. To do that, I visited their documentation page, which listed this sample code. I downloaded it and run it locally. Even thought I ran it locally, by default it was available publicly at "https://something.ngrok.io".
I opened the page and added a new light (I chose monochrome, because it looked simpler than RGB light) like this.
Then, I created a project "Fake Light" at Actions on Google.
Now, I see that app when I click "Add devices" on the Google Home app like below. If I click it, it shows the OAuth page, but when I tried to log in, it says, "Couldn't update settings please check your connection".
The NPM console log is like the following (I censored out some parts):
login successful rick
authCode successful 5*************************
GET /oauth?response_type=code&client_id=***********&redirect_uri=https://oauth-redirect.googleusercontent.com/r/******** 302 8.858 ms - 1418
/token query {}
/token body { grant_type: 'authorization_code',
code: '*****************',
redirect_uri: 'https://oauth-redirect.googleusercontent.com/r/*****************',
client_id: 'ZxjqWpsYj3',
client_secret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
client { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
handleAuthCode {}
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getAccessToken = { uid: '1234',
accessToken: '*****************',
refreshToken: '*****************',
userId: '1234' }
return getAccessToken = { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
respond success { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
POST /token 200 6.401 ms - 100
POST / 404 0.401 ms - 140
I used the sample account rick/oldman. The last log did show "404" but I am not sure why this happens.
The fulfilment address had to contain "/smarthome". I had entered "https://xxxxxxxx.ngrok.io". I changed it to "https://xxxxxxxx.ngrok.io/smarthome" and the error did not happen again.
https://github.com/actions-on-google/smart-home-nodejs/issues/58

How do I log out of Stormpath ID Site with express-stormpath and stormpath-sdk-angularjs?

I have an express-stormpath application that uses Stormpath ID Site. It has this configuration:
app.use(stormpath.init(app, {
web: {
idSite: {
enabled: true,
uri: '/idSiteResult',
nextUri: '/'
},
login: {
enabled: true,
uri: config.login
},
logout: {
enabled: true,
uri: config.logout
},
me: {
expand: {
customData: true,
groups: true
}
}
}
}));
Login works fine, but logout is giving me trouble.
First, I tried logging out with the stormpath-sdk-angularjs built-in endSession()
$auth.endSession();
But I was still logged in.
Digging into express-stormpath, it looks like logout POST requires Accept type text/html for id-site logout. In stormpath-sdk-angularjs, it looks like endSession POST uses application/json.
So I tried logging out with $http.post
$http.post('/logout', null, {
headers: {
'Accept': 'text/html'
}
});
But I get this error:
XMLHttpRequest cannot load https://api.stormpath.com/sso/logout?jwtRequest=[...]. Redirect from 'https://api.stormpath.com/sso/logout?jwtRequest=[...]' to 'http://localhost:9000/idSiteResult?jwtResponse=[...]' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.
How do I log out of Stormpath ID Site?
I work at Stormpath. ID Site requires that you actually redirect the end user to ID Site. I'm not sure why endSession() isn't working, but I'll reach out to our JS team to see if there might be a bug there.
In the meantime, you can use this code (or the equivalent in Angular-specific primitives) to accomplish a logout:
var form = document.createElement('form');
form.method = "POST";
form.action = "/logout";
form.submit();
This looks like a CORS issue. I believe you need to add at least;
Access-Control-Allow-Origin: https://api.stormpath.com
To the response headers from your server.

Resources